Add v1.0 API overview for Tenant Configuration Management APIs (#28526)

* Add v1.0 unified tenant configuration management API overview and update toc and concepts

Co-authored-by: FaithOmbongi <14026935+FaithOmbongi@users.noreply.github.com>
Agent-Logs-Url: https://github.com/microsoftgraph/microsoft-graph-docs/sessions/5b5bf0fc-0015-4ac7-8790-25bda86ea807

* Update reference TOC

* stop version pinning for link

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: FaithOmbongi <14026935+FaithOmbongi@users.noreply.github.com>
Co-authored-by: Microsoft Graph DevX Tooling <GraphTooling@service.microsoft.com>
Co-authored-by: Faith Moraa Ombongi <ombongi.moraa.fe@gmail.com>

Author: 3 people

api-reference/v1.0/resources/unified-tenant-configuration-management-api-overview.md

@@ -0,0 +1,81 @@
+---
+title: "Use the Tenant Configuration Management APIs in Microsoft Graph"
+description: "Learn how to use the Tenant Configuration Management APIs in Microsoft Graph to control and manage configuration settings for an entire organization."
+ms.localizationpriority: high
+author: "swatyario"
+ms.subservice: "tenant-configuration-management"
+doc_type: conceptualPageType
+ms.date: 01/19/2026
+---
+
+# Use the Tenant Configuration Management APIs in Microsoft Graph
+
+Namespace: microsoft.graph
+
+The Tenant Configuration Management (TCM) APIs allow administrators to control and manage configuration settings across a single workload or multiple workloads within the organization.
+
+The tenant configuration APIs need admins to first add TCM service principal to their tenant and then grant permissions to it. This is a pre-requisite step. Read more here: [Set up authentication for Tenant Configuration Management APIs](/graph/utcm-authentication-setup)
+
+## Authorization
+
+To call the TCM APIs in Microsoft Graph, your app needs to acquire an access token. For details about access tokens, see [Get access tokens to call Microsoft Graph](/graph/auth/). Your app also needs the appropriate permissions. For more information, see [Microsoft Graph permissions reference](/graph/permissions-reference).
+
+## Tenant monitoring APIs
+
+The tenant [monitoring](../resources/configurationmonitor.md) APIs in TCM allow administrators to create one or more monitors, review their monitoring results, and get information about all active drifts in a tenant. Administrators can then resolve these [drifts](../resources/configurationdrift.md) by using the relevant admin centers or other available methods.
+
+## Snapshot APIs
+
+The [snapshot](../resources/configurationsnapshotjob.md) APIs in TCM allow administrators to extract the current tenant configuration settings. This process allows administrators to get a baseline that represents the desired tenant configuration and serves as the foundation for periodic tenant monitoring.
+
+## Common use cases
+
+The following table lists common use cases for the TCM APIs.
+
+| Use case                                                   | REST resource                                                                | See also                                                                                         |
+| :---------------------------------------------------------- | :---------------------------------------------------------------------------- | :----------------------------------------------------------------------------------------------- |
+| Get a baseline and create a snapshot job | [configurationBaseline](../resources/configurationbaseline.md) | [configurationBaseline methods](../resources/configurationbaseline.md#methods) |
+| List and get drifts | [configurationDrift](../resources/configurationdrift.md) | [configurationDrift methods](../resources/configurationdrift.md#methods) |
+| Create and manage monitors | [configurationMonitor](../resources/configurationmonitor.md) | [configurationMonitor methods](../resources/configurationmonitor.md#methods) |
+| List and get monitoring results | [configurationMonitoringResult](../resources/configurationmonitoringresult.md) | [configurationMonitoringResult methods](../resources/configurationmonitoringresult.md#methods) |
+| List, get, and delete snapshot jobs | [configurationSnapshotJob](../resources/configurationsnapshotjob.md) | [configurationSnapshotJob methods](../resources/configurationsnapshotjob.md#methods) |
+
+## API limits
+
+### Tenant monitoring
+
+The following API limits apply to the [configurationMonitor](../resources/configurationmonitor.md) API:
+
+- You can create up to 30 **configurationMonitor** objects per tenant.
+- Each configurationMonitor runs at a **fixed interval of six hours**. A monitor cannot be configured to run at any other frequency.
+- An administrator can monitor up to **800 configuration resources per day per tenant**, across all monitors. Administrators decide how to use this quota—through a single monitor or multiple monitors. Example: If an admin includes **20 transport rules** and **30 conditional access policies** in a monitor's baseline, that monitor tracks **50 resources per cycle**. Since the monitor runs every six hours (**4 cycles/day**), this results in **200 monitored resources per day**. Additional monitors can be created until the daily **800‑resource** limit is reached.
+- When an administrator updates the baseline of an existing monitor, **all previously generated monitoring results and detected drifts for that monitor** are automatically deleted.
+
+### Drifts
+
+The following API limits apply to the [configurationDrift](../resources/configurationdrift.md) API:
+
+- All active drifts are retained and available for administrators to review at any time.
+- Each fixed drift is deleted 30 days after it is resolved.
+
+### Snapshot
+
+The following API limits apply to the [configurationSnapshotJob](../resources/configurationsnapshotjob.md) API:
+
+- You can extract a maximum of 20000 resources per tenant per month. This is a cumulative limit across all snapshots.
+- There is **no maximum number of snapshots** you can create per day or per month. You may generate as many snapshots as needed, as long as the **total number of resources extracted** stays within the **20,000-resource monthly quota** for the tenant.
+- A maximum of 12 snapshot jobs are visible to the administrator. If the administrator wants to create more snapshot jobs, they have to delete one or more of the existing jobs.
+- A snapshot is retained for a maximum of seven days, after which it is automatically deleted.
+
+## Next steps
+
+Use the Microsoft Graph TCM APIs to control and manage configuration settings across one or more workloads within an organization. To learn more:
+
+- Explore the resources and methods that are most helpful to your scenario.
+- Try the API in the [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).
+
+## Related content
+
+[Overview of the Tenant Configuration Management APIs in Microsoft Graph](/graph/unified-tenant-configuration-management-concept-overview)
+
+[Set up authentication for Tenant Configuration Management APIs](/graph/utcm-authentication-setup)

api-reference/v1.0/toc/tenant-management/toc.yml

@@ -4,6 +4,8 @@
 items:
 - name: Configuration management
   items:
+  - name: Overview
+    href: ../../resources/unified-tenant-configuration-management-api-overview.md
   - name: Configuration monitor
     items:
     - name: Configuration monitor

api-reference/v1.0/toc/toc.mapping.json

@@ -2253,6 +2253,7 @@
       "childNodes": [
         {
           "name": "Configuration management",
+          "overview": "../../resources/unified-tenant-configuration-management-api-overview.md",
           "resources": [
             "configurationMonitor",
             "configurationMonitoringResult",

concepts/unified-tenant-configuration-management-concept-overview.md

@@ -27,18 +27,18 @@ Administrators have the ability to manage tenant configuration through a declara
 
 ### Maintain a secure and consistent tenant configuration
 
-As the Microsoft 365 ecosystem grows, keeping tenant settings aligned with the desired configuration of an organization becomes increasingly complex. Currently, IT administrators often have to manually detect and resolve configuration drift, a process that is time-consuming and prone to error. The TCM APIs address this challenge by enabling automated monitoring of tenant settings. With the [monitoring](/graph/api/resources/configurationmonitor?view=graph-rest-beta&preserve-view=true) APIs in TCM, you can ensure your configurations remain secure and consistent, and quickly identify any deviations from the desired state.
+As the Microsoft 365 ecosystem grows, keeping tenant settings aligned with the desired configuration of an organization becomes increasingly complex. Currently, IT administrators often have to manually detect and resolve configuration drift, a process that is time-consuming and prone to error. The TCM APIs address this challenge by enabling automated monitoring of tenant settings. With the [monitoring](/graph/api/resources/configurationmonitor) APIs in TCM, you can ensure your configurations remain secure and consistent, and quickly identify any deviations from the desired state.
 
 ### Easily extract and understand current configuration states
 
-The [snapshot](/graph/api/resources/configurationsnapshotjob?view=graph-rest-beta&preserve-view=true) APIs in TCM simplify the process of retrieving the current configuration across multiple workloads within a tenant. Administrators can use these snapshots to get a clear, declarative view of how settings are currently applied, which makes audits, reviews, and troubleshooting much easier.
+The [snapshot](/graph/api/resources/configurationsnapshotjob) APIs in TCM simplify the process of retrieving the current configuration across multiple workloads within a tenant. Administrators can use these snapshots to get a clear, declarative view of how settings are currently applied, which makes audits, reviews, and troubleshooting much easier.
 
 ## API reference
 
-Looking for the API reference for this service, see [Tenant Configuration Management APIs in Microsoft Graph beta](/graph/api/resources/unified-tenant-configuration-management-api-overview?view=graph-rest-beta&preserve-view=true).
+Looking for the API reference for this service, see [Tenant Configuration Management APIs in Microsoft Graph](/graph/api/resources/unified-tenant-configuration-management-api-overview).
 
 ## Next steps
 
 - To learn how to authenticate and set up the TCM service principal, see [Set up authentication for Tenant Configuration Management APIs](/graph/utcm-authentication-setup).
-- To learn more about the Tenant Configuration Management APIs, see [Tenant Configuration Management APIs in Microsoft Graph](/graph/api/resources/unified-tenant-configuration-management-api-overview?view=graph-rest-beta&preserve-view=true).
+- To learn more about the Tenant Configuration Management APIs, see [Tenant Configuration Management APIs in Microsoft Graph](/graph/api/resources/unified-tenant-configuration-management-api-overview).
 - Try the Tenant Configuration Management APIs in [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).